US holds largest simulated cyber-attack exercise

Updated: 2008-03-14 09:58

WASHINGTON -- US officials said Thursday that "real and growing" threats to US computer and telecommunications networks were behind the holding of the largest-ever cyber-security exercises this week.

Computer security experts from five countries, more than 40 private sector companies, and numerous government and state agencies are spending a week fielding simulated "real-world," on-line attacks on the computer systems of government bodies, corporations, transportation and other key industries.

Robert Jamison, the Department of Homeland Security (DHS) Under Secretary for the National Protection and Programs Directorate, said the Cyber Storm II exercise sought to foster personal links between key officials in business and government.

Those people, he said, are not always willing to share information about security issues involving the networks they run.

"We're concerned that the threats are real and growing" as the Internet expands, Jamison said.

Cyber Storm II tested the warning systems in place for attacks and sought to identify gaps in the way information was shared and reactions coordinated across various sectors.

Several dozen experts crowded into a computer-filled room inside the US Secret Service Headquarters in Washington in sections marked off as chemicals, transportation, telecommunications, state and local governments, and other sectors, for the five-day exercise.

Thousands more were tied into the exercise elsewhere in the US, in Britain, Australia, Canada and New Zealand, and in major companies like Dow Chemical, Wachovia bank, ABB and Cisco.

They fielded some 1,800 "injects," various types of challenges, from hacker break-ins and extortion demands to DNS amplification attacks -- dangerous intensified versions of denial of service attacks that seek to overwhelm and shut down networks.

The exercise involved at least one massive, politically-motivated, coordinated cyber-attack knocking out enough computer and telecommunications networks to require an internationally coordinated response.

"We're trying to simulate sophisticated adversaries," Jamison said.

Some of the exercise involved testing the "Einstein program" -- the US government's top-secret automated process for monitoring security and detecting intrusions on all the government's network gateways.

Greg Garcia, DHS Assistant Secretary for Cyber Security and Communications, said Cyber Storm II aimed at overcoming complacency and piecing together a "digital jigsaw puzzle" of linkages in critical public and private sector systems and networks.

"People are starting to get it," he said about cooperating on security threats.

DHS officials declined to say what kinds of threats they found were most dangerous or what specific weaknesses were identified, citing security needs, but said a report on the exercise would be released later this year.

Top World News  
Today's Top News  
Most Commented/Read Stories in 48 Hours